Every 11 seconds.


That’s how often a business falls victim to ransomware.[1] Cyber threats are on the rise globally, and cyber risk is a growing threat to all companies, even small and medium-sized businesses. The fact is that online criminals can attack a small business as readily as a large one. One reason they might prefer to go after the little guys is to get through the door into a bigger company. For example, small businesses often have vendor relationships with larger ones and are required to share data.


Another reason that small to medium-sized organizations tend to be more vulnerable is that few can afford a dedicated security department, which makes it less likely that network security measures are in place.


But it can be overwhelming for business leaders to know how to protect themselves, what they need, and where to start given the multitude of companies out there that claim to protect them against cyber threats. For expert guidance, start with a cyber risk management solution provider like Trava that offers a comprehensive approach to cyber risk management—assess vulnerabilities, reduce risk, and insure against incidents if they do occur.


In Part One of our two-part blog series, we offer the first five of the 10 most important things you as a business leader can do to protect your data and your clients’ data.


1. Take inventory of your data

Know where all of your data lives. Then categorize it according to whether it is public (any information available in the public domain), private (information concerning a person that can be reasonably expected to be secured from public view), or regulated (information that must be provided by a company to a regulatory agency).


2. Back up all data offline

Traditionally this process involved copying files onto removable hard drives, which would then be stored in a separate location. More recently, however, businesses have shifted to investing in cloud backup, through which data is kept in offsite servers.


3. Determine who has access and at what permission levels

This is an important step. It’s likely that any given company is suffering a data loss or theft from departing employees at this very moment! According to one report, as many as 72% of departing employees admit to taking company data, and 70% of intellectual property theft occurs within the 90 days before an employee’s resignation announcement.[2] Your internal cybersecurity initiatives should encompass the following regular and ongoing steps:


  • Start by educating new employees with security awareness and compliance training during onboarding. 
  • Audit each individual and their respective access levels on a regular basis.
  • Make sure each data bucket—public, private, regulated—has unique access credentials and approved parties. Keep that information private.
  • Assess who has privileged accounts—those that can give or remove permissions—frequently.
  • Set alerts for when data files are downloaded to an outside drive, portable drive, or outside email address.
  • Put audit protocols in place for deactivating access credentials of former employees. 
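The access audit described in the list above can be run as a regular cross-check between an HR roster and an account export. The following is an added example, not code from the original post or from Trava; the data is constructed, and the field names and the 90-day review window are assumptions.

```python
from datetime import date

# Constructed sample data (not from the original post).
ROSTER = {  # HR system of record: user -> employment status
    "alice": "active", "bob": "active", "carol": "terminated", "dave": "active",
}
APPROVED = {  # approved parties per data bucket (public / private / regulated)
    "public": {"alice", "bob", "dave"},
    "private": {"alice", "bob"},
    "regulated": {"alice"},
}
ACCOUNTS = [  # account export; these field names are assumptions
    {"user": "alice", "bucket": "regulated", "privileged": True,
     "enabled": True, "last_review": date(2021, 6, 1)},
    {"user": "bob", "bucket": "regulated", "privileged": False,
     "enabled": True, "last_review": date(2021, 6, 1)},
    {"user": "carol", "bucket": "private", "privileged": False,
     "enabled": True, "last_review": date(2021, 5, 1)},
    {"user": "dave", "bucket": "public", "privileged": True,
     "enabled": True, "last_review": date(2021, 1, 15)},
    {"user": "erin", "bucket": "public", "privileged": False,
     "enabled": True, "last_review": date(2021, 6, 1)},
]

def audit_access(accounts, roster, approved, today, max_review_age_days=90):
    """Return sorted (user, bucket, finding) tuples for enabled accounts."""
    findings = []
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already deactivated, nothing to flag
        user, bucket = acct["user"], acct["bucket"]
        status = roster.get(user)
        if status is None:
            findings.append((user, bucket, "no HR record for account owner"))
        elif status != "active":
            findings.append((user, bucket, "former employee still has access"))
        if user not in approved.get(bucket, set()):
            findings.append((user, bucket, "not an approved party for bucket"))
        age = (today - acct["last_review"]).days
        if acct["privileged"] and age > max_review_age_days:
            findings.append((user, bucket, "privileged account overdue for review"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit_access(ACCOUNTS, ROSTER, APPROVED, today=date(2021, 7, 8)):
        print(*finding, sep=" | ")
```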


4. Perform continuous monitoring of all data environments

Check for vulnerabilities in external and internal environments with scan types that are comprehensive and include not only the dark web, but also environments that you may not think to scan, such as web applications and CMS platforms like WordPress.


5. Detect vulnerabilities and prioritize actions

Once your regular scans detect vulnerabilities, prioritize your mitigation actions based on the level of risk severity. 


In Part Two of this series, we’ll explore the next five of the 10 most important things you as a business leader can do to protect your data and your clients’ data.


In the meantime, download our infographic for an easy reference to the Top 10.


Citations

[1] Morgan, Steve, Global Ransomware Damage Costs Predicted to Reach $20 Billion by 2021, Cybercrime Magazine, Cybersecurity Ventures, October 21, 2019, retrieved July 8, 2021, https://cybersecurityventures.com/global-ransomware-damage-costs-predicted-to-reach-20-billion-usd-by-2021/

[2] Agnew, Richard, Your Employees are Taking Your Data, Infosecurity Magazine, October 10, 2019, retrieved June 25, 2021, https://www.infosecurity-magazine.com/opinions/employees-taking-data/

Image credit: Cybersecurity next step market map, CB Insights, https://www.cbinsights.com/research/cybersecurity-artificial-intelligence-startups-market-map/